'ssh -X' vs 'ssh -Y'

[12:46] general question. any real difference between ssh -X and ssh -Y, '-Y' is for trusted connections but what does that actually mean?
[12:47] -X limits what you can do
[12:47] for security reasons
[12:47] (to block key loggers etc)
[12:47] marcoz: -X uses the XSECURITY extension to create an "untrusted" magic cookie. Clients that connect via -X can't do certain things (eg. GetImage from the root window)
[12:47] while -Y is pretty much like a local connection
[12:49] ok, so default should be -X and not -Y then.
[12:50] do you regularly use them? just curious if in practice you normally have trouble with -X where -Y works or vice versa
[12:51] -X breaks many things if you're running a server that actually supports the security extension.
[12:51] -X is a good default, but there are a few corner cases where -X doesn't work. eg. running an Xephyr with no other clients, SSH connects, creates a new magic cookie, disconnects, the server resets and forgets the cookie, the x client connects and the server rejects it.
[12:51] gtk mostly gets it right but i don't think xaw or motif do
[12:52] also the additional "security" created by -X is pretty much illusory anyway
[12:52] Also, the obvious things that -X intentionally prevents. It prevents screen captures, so you can't (usefully) run a screen capture over it.
[12:52] the attack it prevents is people being able to override file MAC on the remote machine, but if your attacker can do that they can just replace the binary you think you're running.
[12:53] so any interaction you're having with the forwarded app is already suspect
[13:30] -X also breaks things if you don't have the security extension now, as since OpenSSH 5.6 it enforces ForwardX11Timeout even when falling back to a trusted connection...

EVoC/GSoC email to students to drum up interest: Work in progress.

* My name is Matt Dew and I work on the X.org project. X.org[1] is the X windowing system for Linux, BSD, UNIX. If you run a GUI on Linux or one of the BSDs or UNIXs then you most likely are using X.org.

* Google Summer of Code[2] is approaching and X.org is looking for bright, capable students who are interested in working on the Linux graphics stack. Google hasn't officially announced GSoC for 2012, but now is the time to start looking around to see if you're interested. For those who aren't aware, GSoC is a program where Google pays students to work on open source projects. X.org has a complementary program called Endless Vacation of Code[3] (EVoC) for students whose schedules don't fit with GSoC. We have work in OpenGL/Mesa, graphics shaders, graphics drivers, state trackers, code refactoring, multi-touch and gestures work, automated testing, documentation, color management, etc.[4] You'll get to work with developers at AMD, Intel, NVidia, RedHat, Canonical, as well as others. I won't kid you. The work is challenging, not everyone's application is accepted and you will have to work hard to pass. But the people on the project are very smart and willing to help people who are genuinely interested in learning and wanting to participate and contribute.
Any and all interested students, please contact either me or hop on the IRC channel at: irc.freenode.net #xorg or #xorg-devel